Chat now with support
Chat with Support

Identity Manager 8.1 - Identity Management Base Module Administration Guide

Basics for Mapping Company Structures in One Identity Manager Managing Departments, Cost Centers and Locations Working with Dynamic Roles Employee administration
One Identity Manager users for employee administration Basic data for employee master data Entering employee master data Employee's central user account Employee's central password Employee's default email address Mapping multiple employee identities Disabling and deleting employees Password policies for employees Limited access to One Identity Manager Assigning company resources to employees Displaying the origin of an employee's roles and entitlements Analyzing role memberships and employee assignments Additional tasks for managing employees Determining an employee‘s language Determining an employee's working hours Employee reports
Managing Devices and Workdesks Managing Resources Set up Extended Properties Appendix: Configuration parameters for managing departments, cost centers, and locations Appendix: Configuration parameters for managing employees Appendix: Configuration Parameters for Managing Devices and Workdesks

Script for checking a password

You can implement a check script if additional policies need to be used for checking a password, which cannot be mapped with the available settings.

Syntax for Check Scripts

Public Sub CCC_CustomPwdValidate( policy As VI.DB.Passwords.PasswordPolicy, spwd As System.Security.SecureString)

With parameters:

policy = password policy object

spwd = password to test

TIP: To use a base object, take the property Entity of the PasswordPolicy class.
Example for a script for testing a password

A password cannot start with ? or !. The script checks a given password for validity.

Public Sub CCC_PwdValidate( policy As VI.DB.Passwords.PasswordPolicy, spwd As System.Security.SecureString)

Dim pwd = spwd.ToInsecureArray()

If pwd.Length>0

If pwd(0)="?" Or pwd(0)="!"

Throw New Exception(#LD("Password can't start with '?' or '!'")#)

End If

End If

If pwd.Length>2

If pwd(0) = pwd(1) AndAlso pwd(1) = pwd(2)

Throw New Exception(#LD("Invalid character sequence in password")#)

End If

End If

End Sub

To use a custom script for checking a password

  1. Create your script in the category Script Library in the Designer.
  2. Edit the password policy.
    1. In Manager, select Employees | Basic configuration data | Password policies| Password policies.

    2. Select the password policy in the result list.
    3. Select Change master data.
    4. Enter the name of the script to be used to check a password in the Check script input field on the Scripts tab.
    5. Save the changes.
Related Topics

Script for generating a password

You can implement a generating script if additional policies need to be used for generating a random password, which cannot be mapped with the available settings.

Syntax for generating script

Public Sub CCC_PwdGenerate( policy As VI.DB.Passwords.PasswordPolicy, spwd As System.Security.SecureString)

With parameters:

policy = password policy object

spwd = generated password

TIP: To use a base object, take the property Entity of the PasswordPolicy class.
Example for a script to generate a password

In random passwords, the script replaces the ? and ! characters, which are not permitted.

Public Sub CCC_PwdGenerate( policy As VI.DB.Passwords.PasswordPolicy, spwd As System.Security.SecureString)

Dim pwd = spwd.ToInsecureArray()

' replace invalid characters at first position

If pwd.Length>0

If pwd(0)="?" Or pwd(0)="!"

spwd.SetAt(0, CChar("_"))

End If

End If

End Sub

To use a custom script for generating a password

  1. Create your script in the category Script Library in the Designer.
  2. Edit the password policy.
    1. In Manager, select Employees | Basic configuration data | Password policies| Password policies.

    2. Select the password policy in the result list.
    3. Select Change master data.
    4. Enter the name of the script to be used to generate a password in the Generating script input field on the Scripts tab.
    5. Save the changes.
Related Topics

Defining the excluded list for passwords

You can add words to a list of restricted terms to prohibit them from being used in passwords.

NOTE: The restricted list applies globally to all password policies.

To add a term to the restricted list

  1. Select Base Data | Security settings | Restricted passwords in Designer.

  2. Create a new entry with Object | New an enter the term to excluded to the list.
  3. Save the changes.

Checking a password

When you test a password, all the password policy settings, custom scripts and the restricted passwords are taken into account.

To test whether a password conforms to the password policy

  1. In Manager, select Employees | Basic configuration data | Password policies| Password policies.

  2. Select the password policy in the result list.
  3. Select Change master data.
  4. Select the Test tab.
  5. Select the table and object to be tested in Base object for test.
  6. Enter a password in Enter password to test.

    A display next to the password shows whether it is valid or not.

Related Documents